Amazon Linux 2022 Security Advisory: ALAS-2022-078
Advisory Release Date: 2022-05-18 00:40 Pacific
Advisory Updated Date: 2022-05-19 18:29 Pacific
A heap out-of-bounds read flaw was found in WavPacks' WavpackPackSamples() function of src/pack_utils.c and only affects the command-line program of WavPack (not libwavpack). This flaw allows an attacker to exploit this flaw for a website that uses the WavPack command-line program on user-provided files, causing a denial of service. (CVE-2021-44269)
Affected Packages:
wavpack
Issue Correction:
Run dnf update --releasever=2022.0.20220518 wavpack to update your system.
aarch64:
wavpack-debugsource-5.4.0-5.amzn2022.aarch64
wavpack-devel-5.4.0-5.amzn2022.aarch64
wavpack-debuginfo-5.4.0-5.amzn2022.aarch64
wavpack-5.4.0-5.amzn2022.aarch64
i686:
wavpack-debugsource-5.4.0-5.amzn2022.i686
wavpack-5.4.0-5.amzn2022.i686
wavpack-devel-5.4.0-5.amzn2022.i686
wavpack-debuginfo-5.4.0-5.amzn2022.i686
src:
wavpack-5.4.0-5.amzn2022.src
x86_64:
wavpack-devel-5.4.0-5.amzn2022.x86_64
wavpack-debugsource-5.4.0-5.amzn2022.x86_64
wavpack-debuginfo-5.4.0-5.amzn2022.x86_64
wavpack-5.4.0-5.amzn2022.x86_64